CVE-2024-53582

HIGH

Openpanel - Path Traversal

Title source: rule

Description

An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to execute a directory traversal via a crafted HTTP request.

Exploits (2)

exploitdb WORKING POC

by Korn Chaisuwan_ Charanin Thongudom_ Pongtorn Angsuchotmetee · textwebappsmultiple

https://www.exploit-db.com/exploits/52198

View Code ZIP pw:eip

exploitdb WORKING POC

by Korn Chaisuwan_ Charanin Thongudom_ Pongtorn Angsuchotmetee · textwebappsmultiple

https://www.exploit-db.com/exploits/52196

View Code ZIP pw:eip

References (2)

[Broken Link] https://openpanel.com/docs/changelog/0.3.5/#%EF%B8%8F-security-fixes

[Exploit] https://packetstorm.news/files/id/188913/

Scores

CVSS v3 7.5

EPSS 0.0676

EPSS Percentile 91.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

openpanel/openpanel 0.3.4

Published Jan 31, 2025

Tracked Since Feb 18, 2026